antislop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Pattern Refresh Protocol in SKILL.md explicitly instructs fetching and parsing user-generated Wikipedia pages via curl (e.g., Wikipedia:Signs_of_AI_writing and WikiProject_AI_Cleanup) and then reading/diffing that content to update detection patterns, which means untrusted third‑party content is ingested and can change the tool's detection/fix behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime "Refresh workflow" that runs curl against Wikipedia API URLs (e.g. https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:Signs_of_AI_writing&prop=wikitext&format=json and https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:WikiProject_AI_Cleanup&prop=wikitext&format=json) to fetch pattern wikitext which is then parsed/diffed and used to update the detector's prompts/rules, so remote content directly controls the agent's detection/editing behavior at runtime.